
    Archives for: August 2009

    WPA cracking is getting quicker

    I was reading some posts on the Full-disclosure mailing list and came across some posts relating to WPA hacking (WPA attack improved to 1min). After spending hundreds of hours using the AIR tools to crack WEP encryption and looking into networks as part of my previous job, I was very interested to see how things are progressing.

    The thread mentioned the paper “A Practical Message Falsification Attack on WPA” posted on http://bit.ly/8qwQt.

    It was a coincidence, as I had only just been talking to one of the executives at work about how easy WEP is to crack and what you can do/discover once you are in.

    I hope you enjoy the paper.

    —– Update —–

    Once this was posted I received many messages and a few more links for the post.

    So here they are:

    http://www.youtube.com/watch?v=ZeCVkWMUSzE

    http://www.crn.com.au/News/154177,researchers-crack-wpa-encryption-in-60-seconds.aspx

    http://www.renderlab.net/projects/WPA-tables/
    http://205.127.87.136:6969/torrents/wpa_psk-h1kari_renderman.torrent?95896A255A82D1FE8B6A2BFFC098B735058B30D7
    http://www.churchofwifi.org/Project_Display.asp?PID=90
    http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf – though note that this attack only works against TKIP

    Thanks to

    Oliver from ethicalhack.org

    Michael from SA Government

    Tim from CQR Consulting

    —– End Update ——


    How To Hijack Fast Food Drive-Thru Frequencies

    This is an article I found on the Phone Losers site; I thought I would copy it here so I can give it a go at some stage.

    How To Hijack Fast Food Drive-Thru Frequencies

    A few years back, some friends and I were messing around with a Taco Bell’s drive-thru frequencies. RijilV and isotek showed me how easy it was to hijack the frequencies of just about any fast food restaurant with a very simple mod to a ham radio. The radios they used were Yaesu VX-5 and VX-7 models. We had a few weeks of occasional fun, sitting a few parking lots away and saying all kinds of horrible things to potential fast food customers. For the most part, I didn’t record any of it. But you can find a few clips of our fast food hijinks if you scroll down on the PLA Sound Clips Archive page.

    Finally we decided to capture a bit of our FCC violations on video. But instead of capturing actual customers being harassed by us as they placed an order, I drove through the Taco Bell drive-thru myself with a video camera sitting on the dashboard. As I attempted to place my order, RijilV informed me of some crazy new Taco Bell policies and a manager immediately rushed out to explain to me that I wasn’t actually talking to an employee. Here is that video:

    After spending several years on Google Video and YouTube, it’s been watched approximately 20,000 times. And of those 20,000 people who have viewed it, approximately all of them have emailed me and asked me what kind of radio we used and how can they use a radio to do the same thing. So in the spirit of April 1st and in order to quell the number of emails sent to me and posts on the PLA Forums asking the same thing, I’ve decided to write this tutorial to help those people out.

    But I’m not going to explain how to modify a Yaesu VX5 or a Yaesu VX7. A simple Google search will show you how to modify these ham radios. The problem with these mods is that, even though they’re fairly simple, you have to buy the radios which could cost you anywhere from $200 – $400. Then, after removing a couple solder points, you have to learn how to use it, you have to look up fast food frequency lists, you have to understand the difference between the transmit frequencies and the receive frequencies and you have to scroll through PL tones using trial and error to find the correct one.

    Or how about we do this a different way. A way that uses a couple items that you might already have in your home. You can easily modify most old CB radios in a way that will allow them to transmit directly to drive-thru frequencies. You won’t have to scroll through hundreds of possible drive-thru frequencies, because a CB radio’s channels line up in exactly the same way as most drive-thru’s channels, only at a higher frequency. How do you get your CB radio to run at a higher frequency? A simple replacement of the crystal inside, with a 6.5536 MHz crystal. This triples the megahertz that are broadcast on and there is no learning required. You just take the modified CB radio to a fast food restaurant and start broadcasting to the customers.

    “But RBCP, I don’t have a 6.5536 MHz crystal lying around my house,” you might be whining at this point. But this isn’t true. Just about any house has several 6.5536 MHz crystals in them if you know where to look. This just happens to be the exact same crystal that you can find in electric heaters, hair dryers, electric stoves, curling irons, electric hot water heaters, irons, and toasters. These crystals are in just about any item that has heated coils and are used to control the frequency of the heating elements so that they don’t burn your house down.

    So for this modification you need…

    • 1 CB radio. It has to be a 40 channel CB radio with a digital display, which includes just about any CB radio manufactured after the mid 1980’s. The old 23 channel CBs from the 1970’s will not work. It can even be a walkie talkie CB radio. If you don’t have one, you can find one at Goodwill or a yard sale for probably less than $10.
    • 1 toaster. (Or other item with heating elements inside.) A toaster is the most ideal to use, because it’s almost guaranteed to have the crystal inside of it. It’s more common to find curling irons and hair dryers that don’t. Again, it should be a toaster manufactured within the past 20 years or so. Before that they didn’t have crystal requirements for toaster manufacturers. (And incidentally, there were a lot more electrical house fires back then.) Goodwill will probably have a toaster for less than $10.
    • 1 soldering iron and solder. Don’t worry if you don’t have soldering experience. It’s actually pretty easy. Click here for a soldering tutorial. You can purchase a soldering iron at Radio Shack or Sears for about $10.
    • A few screwdrivers

    Even if you have to buy all these materials, you’re only out $30. That’s a lot better than the $300 you might end up spending on a Yaesu radio. And some of you might already have all these items so you don’t have to pay anything. Ask a friend or a relative if they’ve got an old toaster or CB radio lying around that they don’t need.

    First you’ll want to take apart your toaster. This isn’t too hard. Just flip it upside down and start removing the screws. You’ll probably need to pull off the plastic lever and knobs before you remove the top of the toaster. Once you have the top off, you’ll see a green or brown circuit board inside.

    Flip the circuit board down and you’ll see all the components on the other side, including the 6.5536 MHz crystal. The crystal is silver and will have 6.5 stamped on the side of it. In the picture below, I’ve used an arrow to show you where it’s located.

    The crystal is likely in a different spot in other toasters, but it’s hard to mistake for any other electronic component. The crystal will have some form of 6.5 stamped on the side of it. In my toaster, it showed 6.55-12. While the official frequency needed is 6.5536 MHz, anything within 1.6 megahertz will work. So don’t worry if your crystal just says 6.5 or 6.50 – it’s all the same for our purposes.

    It’s kind of hard to see what I’m doing in the picture above, but I’m heating up the leads on the crystal from underneath with my soldering iron to melt the solder, and I’m pulling on the crystal from above with a pair of needle nose pliers. It only takes a few seconds to get the crystal out of the toaster.

    Now that the crystal is out of your toaster, throw your toaster away! Do not attempt to use it once the crystal is removed. Remember, the crystal is in there for safety and using your toaster without the crystal could burn your toast and/or start a kitchen fire. It’s likely your toaster won’t even turn on with the missing crystal, but please don’t even try. Just throw it away.

    As I mentioned before, just about any brand and model of CB radio will work, as long as it has the digital display on it. Which means, just about any CB radio manufactured after the mid 1980’s. These are the kinds of CB radios whose frequencies are controlled by a single crystal inside of them. For my mod, I used a Radio Shack TRC-207 walkie talkie CB radio, which is pictured above. I prefer using a walkie talkie CB radio because it doesn’t require sticking a huge CB antenna on the roof of my car which might be noticed if a fast food employee starts looking around the parking lot for the culprits.

    Taking apart your CB radio is just as easy as taking apart the toaster. Remove the screws and pop it open. You may or may not have to lift up the circuit board inside to find the crystal inside. In my particular model, the crystal actually plugged into a socket so I didn’t need to even desolder the old crystal. I just pulled it out with my fingers and then plugged in the new 6.55 MHz crystal. I don’t know how common this is, because in other CB radios that I’ve modified the crystal was soldered to the circuit board, just like in the toaster.

    Put your CB back together and test it to make sure it’s working. You’re finished! Obviously, you won’t be able to talk on normal CB channels anymore since your CB is transmitting and receiving at a much higher frequency now. But who cares, CB channels are lame anyway. Let’s hop in the car and drive to our nearest fast food establishment to test it out.

    Sit near the drive-thru and wait for a customer to pull up. While the customer is talking to the drive-thru speaker, start flipping through your channels until you hear them talking. I’ve found that most drive-thrus end up being somewhere in the 16 – 25 channel range. I’ve never found one above channel 30 and only a few on channels 1 through 15. It all depends on how their drive-thru is set up and what frequencies they’re using. Anyway, push down your talk button and start talking to the customer.

    The cool thing about using a CB radio to transmit on drive-thru frequencies is that a CB is designed to work for several miles. The headsets that those fast food people wear are only designed to work for about 100 feet. So you can easily overpower the employees, even if you’re several parking lots away. In fact, you may be inadvertently screwing with several other drive-thrus in town without even knowing it. This is more likely when you’re using the kind of CB radio that’s supposed to be installed in a car. Those usually run on 5 watts and can cover an entire city. This is another reason I like to use my walkie talkie. It’s lucky if it will work for even a mile, so I’m only harassing one restaurant at a time.

    If you found this tutorial useful, you might also enjoy the video I’ve made on the same subject. It includes much of the same information in this tutorial, but also includes actual footage of us messing with a drive-thru with this CB mod. Enjoy!

    You might also enjoy our original Taco Bell Takeover video, our Happy Birthday drive-thru video and our Drive-Thru Shenanigans video.

    PLA TV: Hijacking Fast Food Frequencies [9:12m]: Download

    Local Copy

    Google Helps Find Webcams

    The search queries below can be entered into Google to find network cameras whose web interfaces have been indexed and are reachable on the net.

    http://www.google.com.au/search?q=inurl:"ViewerFrame?Mode=
    http://www.google.com.au/search?q=intitle:Axis 2400 video server
    http://www.google.com.au/search?q=inurl:/view.shtml
    http://www.google.com.au/search?q=intitle:"Live View / - AXIS" | inurl:view/view.shtml
    http://www.google.com.au/search?q=inurl:ViewerFrame?Mode=
    http://www.google.com.au/search?q=inurl:ViewerFrame?Mode=Refresh
    http://www.google.com.au/search?q=inurl:axis-cgi/jpg
    http://www.google.com.au/search?q=inurl:axis-cgi/mjpg (motion-JPEG)
    http://www.google.com.au/search?q=inurl:view/indexFrame.shtml
    http://www.google.com.au/search?q=inurl:view/index.shtml
    http://www.google.com.au/search?q=inurl:view/view.shtml
    http://www.google.com.au/search?q=liveapplet
    http://www.google.com.au/search?q=intitle:"live view" intitle:axis
    http://www.google.com.au/search?q=intitle:liveapplet
    http://www.google.com.au/search?q=allintitle:"Network Camera NetworkCamera"
    http://www.google.com.au/search?q=intitle:axis intitle:"video server"
    http://www.google.com.au/search?q=intitle:liveapplet inurl:LvAppl
    http://www.google.com.au/search?q=intitle:"EvoCam" inurl:"webcam.html"
    http://www.google.com.au/search?q=intitle:"Live NetSnap Cam-Server feed"
    http://www.google.com.au/search?q=intitle:"Live View / - AXIS"
    http://www.google.com.au/search?q=intitle:"Live View / - AXIS 206M"
    http://www.google.com.au/search?q=intitle:"Live View / - AXIS 206W"
    http://www.google.com.au/search?q=intitle:"Live View / - AXIS 210"
    http://www.google.com.au/search?q=inurl:indexFrame.shtml Axis
    http://www.google.com.au/search?q=inurl:"MultiCameraFrame?Mode=Motion"
    http://www.google.com.au/search?q=intitle:start inurl:cgistart
    http://www.google.com.au/search?q=intitle:"WJ-NT104 Main Page"
    http://www.google.com.au/search?q=intext:"MOBOTIX M1" intext:"Open Menu"
    http://www.google.com.au/search?q=intext:"MOBOTIX M10" intext:"Open Menu"
    http://www.google.com.au/search?q=intext:"MOBOTIX D10" intext:"Open Menu"
    http://www.google.com.au/search?q=intitle:snc-z20 inurl:home/
    http://www.google.com.au/search?q=intitle:snc-cs3 inurl:home/
    http://www.google.com.au/search?q=intitle:snc-rz30 inurl:home/
    http://www.google.com.au/search?q=intitle:"sony network camera snc-p1"
    http://www.google.com.au/search?q=intitle:"sony network camera snc-m1"
    http://www.google.com.au/search?q=site:.viewnetcam.com -www.viewnetcam.com
    http://www.google.com.au/search?q=intitle:"Toshiba Network Camera" user login
    http://www.google.com.au/search?q=intitle:"netcam live image"
    http://www.google.com.au/search?q=intitle:"i-Catcher Console - Web Monitor"
    http://www.google.com.au/search?q=inurl:viewerframe?mode= changing room
    http://www.google.com.au/search?q=inurl:view index/shtml/home
    http://www.google.com.au/search?q=inurl-'your frame?mode=motion'
    http://www.google.com.au/search?q=inurl."viewframe?mode=refresh"
    http://www.google.com.au/search?q=sex inurl:/view/shtml
    http://www.google.com.au/search?q=inural:view
    http://www.google.com.au/search?q=inurl:viewerframe?mode=home
    http://www.google.com.au/search?q=axis hacks
    http://www.google.com.au/search?q="inurl:"view from?mode=refresh"
    http://www.google.com.au/search?q=/view/index.shtml.msn
    http://www.google.com.au/search?q="nurl:viewerframe?mode=refresh"
    http://www.google.com.au/search?q=inurl:"viewerframe?mode=" naked
    http://www.google.com.au/search?q=inurl:/view.index.shtml adult
    http://www.google.com.au/search?q=inurl:"viewerframe? mode= refresh"
    http://www.google.com.au/search?q=site:www.scribd.com inurl"viewframe?mode=refresh"
    http://www.google.com.au/search?q=inurl:"viewerframe?mode=" live webcams
    http://www.google.com.au/search?q=inurl:"view/index.shtml
    http://www.google.com.au/search?q=reset mobotix camera
    http://www.google.com.au/search?q=inurl: view
    http://www.google.com.au/search?q=url:viewerframe?=mode
    http://www.google.com.au/search?q=inurl:/view/shtml school
    http://www.google.com.au/search?q=inurl::viewerframe?mode"refresh
    http://www.google.com.au/search?q=inurl:view:/shtml porn
    http://www.google.com.au/search?q="inurl: /shtml"
    http://www.google.com.au/search?q=inurl:"viewerframe?mode motion" motion

    A link to others http://peep.ontheweb.nl/
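    As an added example (not part of the original post or of any listed project), the Python below turns the list above into a self-audit: it parses the query syntax the list uses (intitle:, inurl:, intext:, allintitle:, site:, quoted phrases, "-" negation and "|" OR) and evaluates each query locally against the URL, title and visible text of a device's own web page, so an administrator can tell which of their cameras would be findable before a search engine indexes them. Every host and page in the block is constructed sample data, and the matching is a case-insensitive substring approximation of Google's operators rather than Google's real ranking.

```python
"""Self-audit: which of the camera search queries on this page would match
a given device's web interface?  Added example, not the original post's code;
all hosts and pages below are constructed sample data."""
import re
from urllib.parse import urlsplit

# One query token: optional '-' negation, optional operator prefix, then
# either a double-quoted phrase or a bare run of non-space characters.
TOKEN = re.compile(r'(-)?(?:(allintitle|intitle|inurl|intext|site):)?("[^"]*"|\S+)')


def parse_dork(query):
    """Parse a Google-style query into OR-alternatives (split on ' | ');
    each alternative is a list of (negated, operator, value) terms that are
    ANDed together.  'allintitle' is folded into 'intitle'; bare words get
    the operator 'any'.  Values are lower-cased and stripped of quotes."""
    alternatives = []
    for alt in query.split(" | "):
        terms = []
        for neg, op, val in TOKEN.findall(alt):
            val = val.strip('"').lower()
            if not val:
                continue
            op = {"": "any", "allintitle": "intitle"}.get(op, op)
            terms.append((bool(neg), op, val))
        alternatives.append(terms)
    return alternatives


def term_matches(term, url, title, text):
    """Case-insensitive substring approximation of one operator."""
    negated, op, val = term
    url_l, title_l, text_l = url.lower(), title.lower(), text.lower()
    if op == "intitle":
        hit = val in title_l
    elif op == "inurl":
        hit = val in url_l
    elif op == "intext":
        hit = val in text_l
    elif op == "site":
        # 'site:.example.com' matches any sub-domain; 'site:example.com' also the apex.
        host = urlsplit(url_l).hostname or ""
        suffix = val if val.startswith(".") else "." + val
        hit = host == val.lstrip(".") or host.endswith(suffix)
    else:  # bare word: anywhere on the page
        hit = val in title_l or val in text_l or val in url_l
    return hit != negated


def dork_matches(query, url, title, text):
    """True when any OR-alternative has every one of its terms satisfied."""
    return any(all(term_matches(t, url, title, text) for t in alt)
               for alt in parse_dork(query))


def exposure_report(dorks, pages):
    """Map each page URL to the list of queries that would surface it."""
    return {url: [q for q in dorks if dork_matches(q, url, title, text)]
            for url, title, text in pages}


# Queries taken from the list on this page (quotes straightened).
SAMPLE_DORKS = [
    'inurl:"ViewerFrame?Mode=',
    'intitle:"Live View / - AXIS" | inurl:view/view.shtml',
    'intitle:axis intitle:"video server"',
    'allintitle:"Network Camera NetworkCamera"',
    'site:.viewnetcam.com -www.viewnetcam.com',
    'inurl:axis-cgi/mjpg',
]

# Constructed stand-ins for your own devices: (URL, <title>, visible text).
SAMPLE_PAGES = [
    ("http://cam1.example.test/view/view.shtml", "Live View / - AXIS 206M", "Live View"),
    ("http://cam2.example.test/ViewerFrame?Mode=Motion", "Network Camera NetworkCamera", ""),
    ("http://office.viewnetcam.com/", "Network Camera", "Login"),
    ("http://www.example.test/", "Example Corp", "Welcome"),
]

if __name__ == "__main__":
    for page_url, hits in exposure_report(SAMPLE_DORKS, SAMPLE_PAGES).items():
        print(page_url, "->", hits or "no match")
```

    Feed it the title and URL of each camera on your own network (pulled from the device directly, not from a search engine) and any non-empty result marks an interface that should sit behind authentication or a VPN rather than on a public address. The checker is deliberately conservative: it is substring-based, so it will over-report rather than miss a near-match.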

    The Cheque is back

    I thought we were removing the need for the cheque in the electronic age.

    Apparently not, ‘check’ out this link on Engadget.

    USAA’s Deposit@Mobile app puts check deposits a mug shot away